Fortinet has disclosed a security vulnerability affecting its FortiOS operating system that could allow attackers with administrative privileges to execute unauthorized system commands by bypassing command line interface restrictions.
The flaw, tracked as CVE-2025-58325, was discovered internally by Fortinet’s PSIRT team and published on October 14, 2025.
Vulnerability Details
The security weakness stems from an incorrect provision of specified functionality issue, classified under CWE-684.
This vulnerability exists in the FortiOS CLI component and enables local authenticated attackers to execute arbitrary system commands through specially crafted CLI inputs that bypass existing security controls.
With a CVSS v3.1 score of 7.8, the vulnerability is rated as high severity due to its potential for complete system compromise.
| Attribute | Details |
| CVE ID | CVE-2025-58325 |
| Severity | High |
| CVSS v3.1 Score | 7.8 |
| Impact | Escalation of privilege |
| CWE | CWE-684 |
| Published | October 14, 2025 |
The attack requires local access and high-level privileges, meaning an attacker would need administrative credentials to exploit this flaw.
However, once exploited, the vulnerability allows privilege escalation with changed scope, potentially affecting resources beyond the vulnerable component.
The attack complexity is low and requires no user interaction, making it relatively straightforward for threat actors who have already gained administrative access to leverage this weakness for further malicious activities.
Multiple FortiOS versions across several major release branches are vulnerable to this command injection flaw.
Organizations running FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.5, FortiOS 7.2.0 through 7.2.10, and FortiOS 7.0.0 through 7.0.15 should immediately prioritize patching.
All versions of FortiOS 6.4 are affected and users should migrate to a fixed release since no patch is available for this end-of-life version.
| FortiOS Version | Affected Releases | Recommended Action |
| 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| 7.4 | 7.4.0 through 7.4.5 | Upgrade to 7.4.6 or above |
| 7.2 | 7.2.0 through 7.2.10 | Upgrade to 7.2.11 or above |
| 7.0 | 7.0.0 through 7.0.15 | Upgrade to 7.0.16 or above |
| 6.4 | 6.4 all versions | Migrate to a fixed release |
The vulnerability impacts a wide range of Fortinet firewall models including the 100E/101E, 100F/101F, 1100E/1101E, 1800F/1801F, 2200E/2201E, 2600F/2601F, 3300E/3301E, 3400E/3401E, 3500F/3501F, 3600E/3601E, 3800D, 3960E, 3980E, 4200F/4201F, 4400F/4401F, 5001E, 6000F, 7000E, and 7000F series.
Other FortiGate models remain unaffected by this security issue.
Fortinet recommends organizations upgrade to FortiOS 7.6.1, 7.4.6, 7.2.11, or 7.0.16 depending on their current version branch, and advises using their upgrade path tool for proper migration planning.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
